IETF-SSH archive
Re: updated transport & userauth drafts
On Fri, 1 Mar 2002, Bill Sommerfeld wrote:
> draft-ietf-secsh-transport-13.txt (as mailed to ietf-secsh yesterday)
As I (and others) have noted in previous mails:
In:
4.6 Public Key Algorithms
...
The certificate part may have be a zero length string, but a public
key is required.
...
Delete this sentence, it doesn't carry any information IMHO, it's only
confusing things which are otherwise mostly clear.
Same paragraph:
...
This is the public key that will be used for authentication; the
certificate sequence contained in the certificate blob can be used to
provide authorization.
...
Suggested rephrase:
...
This is the public key that will be used for authentication. Whether
it is a plain public key or certificate (or certificate chain) is
implicit from the format used. A certificate chain is the binary
concatenation (i.e. of byte[n] blobs) of certificates
necessary for authentication as defined by the format used.
...
(note: if we don't explicitly define a certificate chain here we don't
know what it is, or we'll have to drag in PKCS7 or some other means of
transport/definition of one, rfc2459 doesn't define this AFAIK).
In the references part, [PKCS1] is missing, suggested addition:
...
[PKCS1] RSA Laboratories. PKCS #1: RSA Encryption Standard. Version
1.5, November 1993.
...
IMHO these changes will add/delete as much information as is needed to
unambiguously (hopefully...) implement this.
Cheers,
/Mats
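The following is an added illustration, not code from the original message or from any SSH implementation. It assumes the ssh-rsa public key blob layout of the transport draft (string "ssh-rsa", mpint e, mpint n) and reads Mats's proposed "binary concatenation of byte[n] blobs" as a sequence of SSH string-encoded elements (uint32 length prefix plus bytes); that second reading is this example's own assumption about how such a chain would be framed. The key values and the second chain element are constructed placeholders.

```python
import struct

# SSH wire types (uint32 big-endian length prefix, then the bytes).
def ssh_string(data: bytes) -> bytes:
    """SSH 'string'/byte[n] blob encoding."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """SSH 'mpint' for a non-negative integer: minimal big-endian bytes,
    with a leading zero byte whenever the top bit would otherwise be set."""
    if value < 0:
        raise ValueError("only non-negative integers handled here")
    if value == 0:
        return ssh_string(b"")
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return ssh_string(raw)


def read_string(buf: bytes, off: int):
    """Read one length-prefixed element at offset `off`; refuse truncation."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field at offset %d" % off)
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated string body at offset %d" % off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def build_rsa_blob(e: int, n: int) -> bytes:
    """ssh-rsa public key blob: string "ssh-rsa", mpint e, mpint n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def parse_rsa_blob(blob: bytes):
    """Parse an ssh-rsa blob back to (e, n); reject wrong name or trailing data."""
    name, off = read_string(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("unexpected key format name %r" % name)
    e_bytes, off = read_string(blob, off)
    n_bytes, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after ssh-rsa blob")
    return int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")


def split_chain(data: bytes):
    """Split a concatenation of byte[n] blobs (the assumed chain framing)
    into its elements. A truncated final element raises ValueError."""
    items = []
    off = 0
    while off < len(data):
        item, off = read_string(data, off)
        items.append(item)
    return items


def chain_is_wellformed(data: bytes) -> bool:
    """True if every element of the chain is completely present."""
    try:
        split_chain(data)
        return True
    except ValueError:
        return False


# Constructed sample: a toy RSA key (not a real key) followed by a
# placeholder standing in for a certificate blob of whatever format is used.
SAMPLE_E, SAMPLE_N = 65537, 0xC0FFEE
SAMPLE_CHAIN = (ssh_string(build_rsa_blob(SAMPLE_E, SAMPLE_N))
                + ssh_string(b"constructed-certificate-placeholder"))

if __name__ == "__main__":
    elements = split_chain(SAMPLE_CHAIN)
    print("chain elements:", len(elements))
    print("leaf key (e, n):", parse_rsa_blob(elements[0]))
    print("truncated chain accepted?",
          chain_is_wellformed(SAMPLE_CHAIN[:-1]))
```

The point of the length checks in read_string is the one the draft text leaves implicit: with an unframed "certificate blob" a receiver cannot tell where the public key ends and the certificate material begins, so any chain definition has to fix the framing, and a parser has to reject a blob whose declared lengths run past the data it was given.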